From 84adefa331c4159d432d22840663c38f155cd4c1 Mon Sep 17 00:00:00 2001
From: Erlang/OTP
Date: Fri, 20 Nov 2009 14:54:40 +0000
Subject: The R13B03 release.
---
lib/public_key/doc/html/.gitignore | 0
lib/public_key/doc/man3/.gitignore | 0
lib/public_key/doc/pdf/.gitignore | 0
lib/public_key/doc/src/Makefile | 227 ++++++++++
lib/public_key/doc/src/book.xml | 51 +++
lib/public_key/doc/src/cert_records.xml | 612 ++++++++++++++++++++++++++
lib/public_key/doc/src/fascicules.xml | 19 +
lib/public_key/doc/src/introduction.xml | 52 +++
lib/public_key/doc/src/make.dep | 21 +
lib/public_key/doc/src/note.gif | Bin 0 -> 1539 bytes
lib/public_key/doc/src/notes.xml | 120 +++++
lib/public_key/doc/src/part.xml | 42 ++
lib/public_key/doc/src/part_notes.xml | 38 ++
lib/public_key/doc/src/public_key.xml | 317 +++++++++++++
lib/public_key/doc/src/public_key_records.xml | 99 +++++
lib/public_key/doc/src/ref_man.xml | 43 ++
16 files changed, 1641 insertions(+)
create mode 100644 lib/public_key/doc/html/.gitignore
create mode 100644 lib/public_key/doc/man3/.gitignore
create mode 100644 lib/public_key/doc/pdf/.gitignore
create mode 100644 lib/public_key/doc/src/Makefile
create mode 100644 lib/public_key/doc/src/book.xml
create mode 100644 lib/public_key/doc/src/cert_records.xml
create mode 100644 lib/public_key/doc/src/fascicules.xml
create mode 100644 lib/public_key/doc/src/introduction.xml
create mode 100644 lib/public_key/doc/src/make.dep
create mode 100644 lib/public_key/doc/src/note.gif
create mode 100644 lib/public_key/doc/src/notes.xml
create mode 100644 lib/public_key/doc/src/part.xml
create mode 100644 lib/public_key/doc/src/part_notes.xml
create mode 100644 lib/public_key/doc/src/public_key.xml
create mode 100644 lib/public_key/doc/src/public_key_records.xml
create mode 100644 lib/public_key/doc/src/ref_man.xml
(limited to 'lib/public_key/doc')
diff --git a/lib/public_key/doc/html/.gitignore b/lib/public_key/doc/html/.gitignore
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/lib/public_key/doc/man3/.gitignore b/lib/public_key/doc/man3/.gitignore
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/lib/public_key/doc/pdf/.gitignore b/lib/public_key/doc/pdf/.gitignore
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/lib/public_key/doc/src/Makefile b/lib/public_key/doc/src/Makefile
new file mode 100644
index 0000000000..08d1396cca
--- /dev/null
+++ b/lib/public_key/doc/src/Makefile
@@ -0,0 +1,227 @@
+#
+# %CopyrightBegin%
+#
+# Copyright Ericsson AB 2008-2009. All Rights Reserved.
+#
+# The contents of this file are subject to the Erlang Public License,
+# Version 1.1, (the "License"); you may not use this file except in
+# compliance with the License. You should have received a copy of the
+# Erlang Public License along with this software. If not, it can be
+# retrieved online at http://www.erlang.org/.
+#
+# Software distributed under the License is distributed on an "AS IS"
+# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+# the License for the specific language governing rights and limitations
+# under the License.
+#
+# %CopyrightEnd%
+#
+
+#
+include $(ERL_TOP)/make/target.mk
+include $(ERL_TOP)/make/$(TARGET)/otp.mk
+
+# ----------------------------------------------------
+# Application version
+# ----------------------------------------------------
+include ../../vsn.mk
+VSN=$(PUBLIC_KEY_VSN)
+APPLICATION=public_key
+
+# ----------------------------------------------------
+# Include dependency
+# ----------------------------------------------------
+
+ifndef DOCSUPPORT
+include make.dep
+endif
+
+# ----------------------------------------------------
+# Release directory specification
+# ----------------------------------------------------
+RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
+# ----------------------------------------------------
+# Target Specs
+# ----------------------------------------------------
+XML_APPLICATION_FILES = ref_man.xml
+XML_REF3_FILES = public_key.xml
+XML_REF6_FILES =
+
+XML_PART_FILES = part.xml part_notes.xml
+XML_CHAPTER_FILES = \
+ introduction.xml \
+ public_key_records.xml \
+ cert_records.xml \
+ notes.xml
+
+BOOK_FILES = book.xml
+
+GIF_FILES = note.gif
+
+# ----------------------------------------------------
+
+TOP_HTML_FILES =
+
+HTML_FILES = $(XML_APPLICATION_FILES:%.xml=$(HTMLDIR)/%.html) \
+ $(XML_PART_FILES:%.xml=$(HTMLDIR)/%.html)
+
+INFO_FILE = ../../info
+
+EXTRA_FILES = \
+ $(DEFAULT_GIF_FILES) \
+ $(DEFAULT_HTML_FILES) \
+ $(XML_REF3_FILES:%.xml=$(HTMLDIR)/%.html) \
+ $(XML_CHAPTER_FILES:%.xml=$(HTMLDIR)/%.html)
+
+MAN3_FILES = $(XML_REF3_FILES:%.xml=$(MAN3DIR)/%.3)
+
+ifdef DOCSUPPORT
+
+HTML_REF_MAN_FILE = $(HTMLDIR)/index.html
+
+TOP_PDF_FILE = $(PDFDIR)/$(APPLICATION)-$(VSN).pdf
+
+else
+
+TEX_FILES_BOOK = \
+ $(BOOK_FILES:%.xml=%.tex)
+TEX_FILES_REF_MAN = $(XML_REF3_FILES:%.xml=%.tex) \
+ $(XML_APPLICATION_FILES:%.xml=%.tex)
+TEX_FILES_USERS_GUIDE = \
+ $(XML_PART_FILES:%.xml=%.tex) \
+ $(XML_CHAPTER_FILES:%.xml=%.tex)
+
+TOP_PDF_FILE = public_key-$(VSN).pdf
+TOP_PS_FILE = public_key-$(VSN).ps
+
+$(TOP_PDF_FILE): book.dvi ../../vsn.mk
+ $(DVI2PS) $(DVIPS_FLAGS) -f $< | $(DISTILL) $(DISTILL_FLAGS) > $@
+
+$(TOP_PS_FILE): book.dvi ../../vsn.mk
+ $(DVI2PS) $(DVIPS_FLAGS) -f $< > $@
+
+endif
+
+# ----------------------------------------------------
+# FLAGS
+# ----------------------------------------------------
+XML_FLAGS +=
+DVIPS_FLAGS +=
+
+# ----------------------------------------------------
+# Targets
+# ----------------------------------------------------
+$(HTMLDIR)/%.gif: %.gif
+ $(INSTALL_DATA) $< $@
+
+ifdef DOCSUPPORT
+
+docs: pdf html man
+
+$(TOP_PDF_FILE): $(XML_FILES)
+
+pdf: $(TOP_PDF_FILE)
+
+html: gifs $(HTML_REF_MAN_FILE)
+
+clean clean_docs:
+ rm -rf $(HTMLDIR)/*
+ rm -f $(MAN3DIR)/*
+ rm -f $(TOP_PDF_FILE) $(TOP_PDF_FILE:%.pdf=%.fo)
+ rm -f errs core *~
+
+else
+
+ifeq ($(DOCTYPE),pdf)
+docs: pdf
+else
+ifeq ($(DOCTYPE),ps)
+docs: ps
+else
+docs: html gifs man
+endif
+endif
+
+pdf: $(TOP_PDF_FILE)
+
+ps: $(TOP_PS_FILE)
+
+html: $(HTML_FILES)
+
+clean clean_docs clean_tex:
+ rm -f $(TEX_FILES_USERS_GUIDE) $(TEX_FILES_REF_MAN) $(TEX_FILES_BOOK)
+ rm -f $(HTML_FILES) $(MAN3_FILES)
+ rm -f $(TOP_PDF_FILE) $(TOP_PS_FILE)
+ rm -f errs core *~ min_head.gif \
+ $(LATEX_CLEAN)
+
+endif
+
+man: $(MAN3_FILES)
+
+gifs: $(GIF_FILES:%=$(HTMLDIR)/%)
+
+debug opt:
+
+
+# ----------------------------------------------------
+# Release Target
+# ----------------------------------------------------
+include $(ERL_TOP)/make/otp_release_targets.mk
+
+ifdef DOCSUPPORT
+
+release_docs_spec: docs
+ $(INSTALL_DIR) $(RELSYSDIR)/doc/pdf
+ $(INSTALL_DATA) $(TOP_PDF_FILE) $(RELSYSDIR)/doc/pdf
+ $(INSTALL_DIR) $(RELSYSDIR)/doc/html
+ $(INSTALL_DATA) $(HTMLDIR)/* \
+ $(RELSYSDIR)/doc/html
+ $(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
+ $(INSTALL_DIR) $(RELEASE_PATH)/man/man3
+ $(INSTALL_DATA) $(MAN3DIR)/* $(RELEASE_PATH)/man/man3
+else
+
+ifeq ($(DOCTYPE),pdf)
+release_docs_spec: pdf
+ $(INSTALL_DIR) $(RELEASE_PATH)/pdf
+ $(INSTALL_DATA) $(TOP_PDF_FILE) $(RELEASE_PATH)/pdf
+else
+ifeq ($(DOCTYPE),ps)
+release_docs_spec: ps
+ $(INSTALL_DIR) $(RELEASE_PATH)/ps
+ $(INSTALL_DATA) $(TOP_PS_FILE) $(RELEASE_PATH)/ps
+else
+release_docs_spec: docs
+ $(INSTALL_DIR) $(RELSYSDIR)/doc/html
+ $(INSTALL_DATA) $(GIF_FILES) $(EXTRA_FILES) $(HTML_FILES) \
+ $(RELSYSDIR)/doc/html
+ $(INSTALL_DATA) $(INFO_FILE) $(RELSYSDIR)
+ $(INSTALL_DIR) $(RELEASE_PATH)/man/man3
+ $(INSTALL_DATA) $(MAN3_FILES) $(RELEASE_PATH)/man/man3
+endif
+endif
+
+endif
+
+release_spec:
+
+info:
+ @echo "GIF_FILES:\n$(GIF_FILES)"
+ @echo ""
+ @echo "EXTRA_FILES:\n$(EXTRA_FILES)"
+ @echo ""
+ @echo "HTML_FILES:\n$(HTML_FILES)"
+ @echo ""
+ @echo "TOP_HTML_FILES:\n$(TOP_HTML_FILES)"
+ @echo ""
+ @echo "DEFAULT_GIF_FILES:\n$(DEFAULT_GIF_FILES)"
+ @echo ""
+ @echo "DEFAULT_HTML_FILES:\n$(DEFAULT_HTML_FILES)"
+ @echo ""
+ @echo "XML_REF3_FILES:\n$(XML_REF3_FILES)"
+ @echo ""
+ @echo "XML_REF6_FILES:\n$(XML_REF6_FILES)"
+ @echo ""
+ @echo "XML_CHAPTER_FILES:\n$(XML_CHAPTER_FILES)"
+ @echo ""
diff --git a/lib/public_key/doc/src/book.xml b/lib/public_key/doc/src/book.xml
new file mode 100644
index 0000000000..d3b8c7a2c7
--- /dev/null
+++ b/lib/public_key/doc/src/book.xml
@@ -0,0 +1,51 @@
+
+
+
+
+
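Review bot: The `clean clean_docs` recipe in the DOCSUPPORT branch of the Makefile deletes by glob under variables this file never assigns: `rm -rf $(HTMLDIR)/*` and `rm -f $(MAN3DIR)/*`. Both presumably come from the included `otp.mk`; if either ever expands to nothing, the first command becomes `rm -rf /*`. A guard as the first recipe line turns that into a hard error instead of a deletion: `$(if $(strip $(HTMLDIR)),,$(error HTMLDIR is empty))`, with the same line for `MAN3DIR`. The goals defined here (`docs`, `pdf`, `ps`, `html`, `man`, `gifs`, `clean`, `info`) are also not declared `.PHONY` in the visible lines, so unless `otp_release_targets.mk` does that, a stray file with one of those names in `doc/src` would silently disable the target.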
+ + 2008 + 2008 + Ericsson AB, All Rights Reserved + + + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + + + public_key + Ingela Anderton Andin + + 2008-01-22 + + book.sgml +
+ + + public_key + + + + + + + + + + + + + + +
+ diff --git a/lib/public_key/doc/src/cert_records.xml b/lib/public_key/doc/src/cert_records.xml new file mode 100644 index 0000000000..8fb4ea5fd0 --- /dev/null +++ b/lib/public_key/doc/src/cert_records.xml @@ -0,0 +1,612 @@ + + + + +
+ + 2008 + 2008 + Ericsson AB, All Rights Reserved + + + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + + + Certificate records + Ingela Anderton Andin + + + + + 2008-02-06 + A + cert_records.xml +
+ +

This chapter briefly describes erlang records derived from asn1 + specifications used to handle X509 certificates. The intent is to + describe the data types and not to specify the meaning of each + component for this we refer you to RFC 3280. +

+ +

Use the following include directive to get access to the + records and constant macros described in the following sections.

+ + -include_lib("public_key/include/public_key.hrl"). + +
+ Common Data Types + +

Common non standard erlang + data types used to described the record fields in the + below sections are defined in public key reference manual or + follows here.

+ +

time() = uct_time() | general_time()

+ +

uct_time() = {utcTime, "YYMMDDHHMMSSZ"}

+ +

general_time() = {generalTime, "YYYYMMDDHHMMSSZ"}

+ +

+ general_name() = {rfc822Name, string()} | {dNSName, string()} + | {x400Address, string()} | {directoryName, + {rdnSequence, [#AttributeTypeAndValue'{}]}} | + | {eidPartyName, special_string()} + | {eidPartyName, special_string(), special_string()} + | {uniformResourceIdentifier, string()} | {ipAddress, string()} | + {registeredId, oid()} | {otherName, term()} +

+ +

+ special_string() = + {teletexString, string()} | {printableString, string()} | + {universalString, string()} | {utf8String, string()} | + {bmpString, string()} +

+ +

+ dist_reason() = unused | keyCompromise | cACompromise | + affiliationChanged | superseded | cessationOfOperation | + certificateHold | privilegeWithdrawn | + aACompromise +

+
+ +
+ PKIX Certificates + +#'Certificate'{ + tbsCertificate, % #'TBSCertificate'{} + signatureAlgorithm, % #'AlgorithmIdentifier'{} + signature % {0, binary()} - asn1 compact bitstring + }. + +#'TBSCertificate'{ + version, % v1 | v2 | v3 + serialNumber, % integer() + signature, % #'AlgorithmIdentifier'{} + issuer, % {rdnSequence, [#AttributeTypeAndValue'{}]} + validity, % #'Validity'{} + subject, % {rdnSequence, [#AttributeTypeAndValue'{}]} + subjectPublicKeyInfo, % #'SubjectPublicKeyInfo'{} + issuerUniqueID, % binary() | asn1_novalue + subjectUniqueID, % binary() | asn1_novalue + extensions % [#'Extension'{}] + }. + +#'AlgorithmIdentifier'{ + algorithm, % oid() + parameters % asn1_der_encoded() + }. +#'SignatureAlgorithm'{ + algorithm, % id_signature_algorithm() + parameters % public_key_params() + }. + + +

id_signature_algorithm() = ?oid_name_as_erlang_atom for available +oid names see table below. Ex: ?'id-dsa-with-sha1'

+ + + OID name + + + id-dsa-with-sha1 + + + md2WithRSAEncryption + + + md5WithRSAEncryption + + + sha1WithRSAEncryption + + + ecdsa-with-SHA1 + + Signature algorithm oids +
+ + +#'AttributeTypeAndValue'{ + type, % id_attributes() + value % term() + }. + + +

id_attributes() = ?oid_name_as_erlang_atom +for available oid names see table below. Ex: ?'id-at-name'

+ + + OID name + Value type + + + id-at-name + special_string() + + + id-at-surname + special_string() + + + id-at-givenName + special_string() + + + id-at-initials + special_string() + + + id-at-generationQualifier + special_string() + + + id-at-commonName + special_string() + + + id-at-localityName + special_string() + + + id-at-stateOrProvinceName + special_string() + + + id-at-organizationName + special_string() + + + id-at-title + special_string() + + + id-at-dnQualifier + {printableString, string()} + + + id-at-countryName + {printableString, string()} + + + id-at-serialNumber + {printableString, string()} + + + id-at-pseudonym + special_string() + + Attribute oids +
+ + +#'Validity'{ + notBefore, % time() + notAfter % time() + }. + +#'SubjectPublicKeyInfo'{ + algorithm, % #AlgorithmIdentifier{} + subjectPublicKey % binary() + }. + +#'SubjectPublicKeyInfoAlgorithm'{ + algorithm, % id_public_key_algorithm() + parameters % public_key_params() + }. + + +

id_public_key_algorithm() = ?oid_name_as_erlang_atom for available +oid names see table below. Ex: ?'id-dsa'

+ + + OID name + + + rsaEncryption + + + id-dsa + + + dhpublicnumber + + + ecdsa-with-SHA1 + + + id-keyExchangeAlgorithm + + Public key algorithm oids +
+ + + +#'Extension'{ + extnID, % id_extensions() | oid() + critical, % boolean() + extnValue % asn1_der_encoded() + }. + + +

id_extensions() = ?oid_name_as_erlang_atom for +available oid names see tables. Ex: ?'id-ce-authorityKeyIdentifier'Standard Certificate Extensions, + Private Internet Extensions, CRL Extensions and + CRL Entry Extensions. +

+ +
+ +
+ + Standard certificate extensions + + + + OID name + Value type + + + id-ce-authorityKeyIdentifier + #'AuthorityKeyIdentifier'{} + + + id-ce-subjectKeyIdentifier + oid() + + + id-ce-keyUsage + [key_usage()] + + + id-ce-privateKeyUsagePeriod + #'PrivateKeyUsagePeriod'{} + + + id-ce-certificatePolicies + #'PolicyInformation'{} + + + + id-ce-policyMappings + #'PolicyMappings_SEQOF'{} + + + + id-ce-subjectAltName + general_name() + + + + id-ce-issuerAltName + general_name() + + + + id-ce-subjectDirectoryAttributes + [#'Attribute'{}] + + + + id-ce-basicConstraints + #'BasicConstraints'{} + + + id-ce-nameConstraints + #'NameConstraints'{} + + + id-ce-policyConstraints + #'PolicyConstraints'{} + + + id-ce-extKeyUsage + [id_key_purpose()] + + + + id-ce-cRLDistributionPoints + #'DistributionPoint'{} + + + + id-ce-inhibitAnyPolicy + integer() + + + + id-ce-freshestCRL + [#'DistributionPoint'{}] + + + + Standard Certificate Extensions +
+ +

+ key_usage() = digitalSignature | nonRepudiation | keyEncipherment| + dataEncipherment | keyAgreement | keyCertSign | cRLSign | encipherOnly | + decipherOnly +

+ +

id_key_purpose() = ?oid_name_as_erlang_atom for available +oid names see table below. Ex: ?'id-kp-serverAuth'

+ + + + OID name + + + id-kp-serverAuth + + + id-kp-clientAuth + + + id-kp-codeSigning + + + id-kp-emailProtection + + + id-kp-timeStamping + + + id-kp-OCSPSigning + + Key purpose oids +
+ + +#'AuthorityKeyIdentifier'{ + keyIdentifier, % oid() + authorityCertIssuer, % general_name() + authorityCertSerialNumber % integer() + }. + +#'PrivateKeyUsagePeriod'{ + notBefore, % general_time() + notAfter % general_time() + }. + +#'PolicyInformation'{ + policyIdentifier, % oid() + policyQualifiers % [#PolicyQualifierInfo{}] + }. + +#'PolicyQualifierInfo'{ + policyQualifierId, % oid() + qualifier % string() | #'UserNotice'{} + }. + +#'UserNotice'{ + noticeRef, % #'NoticeReference'{} + explicitText % string() + }. + +#'NoticeReference'{ + organization, % string() + noticeNumbers % [integer()] + }. + +#'PolicyMappings_SEQOF'{ + issuerDomainPolicy, % oid() + subjectDomainPolicy % oid() + }. + +#'Attribute'{ + type, % oid() + values % [asn1_der_encoded()] + }). + +#'BasicConstraints'{ + cA, % boolean() + pathLenConstraint % integer() + }). + +#'NameConstraints'{ + permittedSubtrees, % [#'GeneralSubtree'{}] + excludedSubtrees % [#'GeneralSubtree'{}] + }). + +#'GeneralSubtree'{ + base, % general_name() + minimum, % integer() + maximum % integer() + }). + +#'PolicyConstraints'{ + requireExplicitPolicy, % integer() + inhibitPolicyMapping % integer() + }). + +#'DistributionPoint'{ + distributionPoint, % general_name() | [#AttributeTypeAndValue{}] + reasons, % [dist_reason()] + cRLIssuer % general_name() + }). + + +
+ +
+ + Private Internet Extensions + + + + OID name + Value type + + + id-pe-authorityInfoAccess + [#'AccessDescription'{}] + + + id-pe-subjectInfoAccess + [#'AccessDescription'{}] + + Private Internet Extensions +
+ + +#'AccessDescription'{ + accessMethod, % oid() + accessLocation % general_name() + }). + + +
+ +
+ CRL and CRL Extensions Profile + + +#'CertificateList'{ + tbsCertList, % #'TBSCertList{} + signatureAlgorithm, % #'AlgorithmIdentifier'{} + signature % {0, binary()} - asn1 compact bitstring + }). + +#'TBSCertList'{ + version, % v2 (if defined) + signature, % #AlgorithmIdentifier{} + issuer, % {rdnSequence, [#AttributeTypeAndValue'{}]} + thisUpdate, % time() + nextUpdate, % time() + revokedCertificates, % [#'TBSCertList_revokedCertificates_SEQOF'{}] + crlExtensions % [#'Extension'{}] + }). + +#'TBSCertList_revokedCertificates_SEQOF'{ + userCertificate, % integer() + revocationDate, % timer() + crlEntryExtensions % [#'Extension'{}] + }). + + +
+ + CRL Extensions + + + + OID name + Value type + + + id-ce-authorityKeyIdentifier + #'AuthorityKeyIdentifier{} + + + id-ce-issuerAltName + {rdnSequence, [#AttributeTypeAndValue'{}]} + + + id-ce-cRLNumber + integer() + + + id-ce-deltaCRLIndicator + integer() + + + id-ce-issuingDistributionPoint + #'IssuingDistributionPoint'{} + + + id-ce-freshestCRL + [#'Distributionpoint'{}] + + + CRL Extensions +
+ + +#'IssuingDistributionPoint'{ + distributionPoint, % general_name() | [#AttributeTypeAndValue'{}] + onlyContainsUserCerts, % boolean() + onlyContainsCACerts, % boolean() + onlySomeReasons, % [dist_reason()] + indirectCRL, % boolean() + onlyContainsAttributeCerts % boolean() + }). + +
+ +
+ + CRL Entry Extensions + + + + OID name + Value type + + + id-ce-cRLReason + crl_reason() + + + id-ce-holdInstructionCode + oid() + + + id-ce-invalidityDate + general_time() + + + id-ce-certificateIssuer + general_name() + + CRL Entry Extensions +
+

+ crl_reason() = unspecified | keyCompromise | cACompromise | + affiliationChanged | superseded | cessationOfOperation | + certificateHold | removeFromCRL | privilegeWithdrawn | + aACompromise +

+
+ +
+
diff --git a/lib/public_key/doc/src/fascicules.xml b/lib/public_key/doc/src/fascicules.xml new file mode 100644 index 0000000000..5f41826c56 --- /dev/null +++ b/lib/public_key/doc/src/fascicules.xml @@ -0,0 +1,19 @@ + + + + + + User's Guide + + + Reference Manual + + + Release Notes + + + Off-Print + + + + diff --git a/lib/public_key/doc/src/introduction.xml b/lib/public_key/doc/src/introduction.xml new file mode 100644 index 0000000000..71488e435a --- /dev/null +++ b/lib/public_key/doc/src/introduction.xml @@ -0,0 +1,52 @@ + + + + +
+ + 2008 + 2008 + Ericsson AB, All Rights Reserved + + + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + + + Introduction + Ingela Anderton Andin + + + + + 2008-01-22 + A + introduction.xml +
+ +
+ Purpose +

This application provides an API to public key infrastructure + from RFC 3280 (X.509 certificates) and public key formats defined + by the PKCS-standard.

+
+ +
+ Prerequisites +

It is assumed that the reader is familiar with the Erlang + programming language, concepts of OTP and has a basic understanding + of the concepts of using public keys.

+
+ +
+ diff --git a/lib/public_key/doc/src/make.dep b/lib/public_key/doc/src/make.dep new file mode 100644 index 0000000000..2675556f1b --- /dev/null +++ b/lib/public_key/doc/src/make.dep @@ -0,0 +1,21 @@ +# ---------------------------------------------------- +# >>>> Do not edit this file <<<< +# This file was automaticly generated by +# /home/otp/bin/docdepend +# ---------------------------------------------------- + + +# ---------------------------------------------------- +# TeX files that the DVI file depend on +# ---------------------------------------------------- + +book.dvi: book.tex cert_records.tex introduction.tex \ + part.tex public_key.tex public_key_records.tex \ + ref_man.tex + +# ---------------------------------------------------- +# Source inlined when transforming from source to LaTeX +# ---------------------------------------------------- + +book.tex: ref_man.xml + diff --git a/lib/public_key/doc/src/note.gif b/lib/public_key/doc/src/note.gif new file mode 100644 index 0000000000..6fffe30419 Binary files /dev/null and b/lib/public_key/doc/src/note.gif differ diff --git a/lib/public_key/doc/src/notes.xml b/lib/public_key/doc/src/notes.xml new file mode 100644 index 0000000000..822f8bdb66 --- /dev/null +++ b/lib/public_key/doc/src/notes.xml @@ -0,0 +1,120 @@ + + + + +
+ + 2008 + 2008 + Ericsson AB, All Rights Reserved + + + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + + + public_key Release Notes + Ingela Anderton Andin + Ingela Anderton Andin + + + + 2008-01-22 + A + notes.xml +
+ + +
Public_Key 0.4 + +
Improvements and New Features + + +

+ The documentation is now built with open source tools + (xsltproc and fop) that exists on most platforms. One + visible change is that the frames are removed.

+

+ Own Id: OTP-8250

+
+
+
+ +
+ +
Public_Key 0.3 + +
Fixed Bugs and Malfunctions + + +

+ Unknown attributes in certificates are left encoded + instead of crashing. Patch by Will "wglozer" thanks.

+

+ Own Id: OTP-8100

+
+
+
+ + +
Improvements and New Features + + +

+ Allow public_key:pem_to_der/[1,2] to take a binary as + argument in addition to a filename. Patch by Geoff Cant, + thanks.

+

+ Own Id: OTP-8142

+
+
+
+ +
+ +
Public_Key 0.2 + +
Improvements and New Features + + +

+ X509 certificate handling has been extended and improved + as a result of more extensive testing of both the ssl + and public_key application. Even more extensions of the + certificate handling is yet to be implemented.

+

+ Own Id: OTP-7860

+
+
+
+ +
+ +
Public_Key 0.1 + +
Improvements and New Features + + +

+ First version.

+

+ Own Id: OTP-7637

+
+
+
+ +
+ + +
+ diff --git a/lib/public_key/doc/src/part.xml b/lib/public_key/doc/src/part.xml new file mode 100644 index 0000000000..b85fa063ce --- /dev/null +++ b/lib/public_key/doc/src/part.xml @@ -0,0 +1,42 @@ + + + + +
+ + 2008 + 2008 + Ericsson AB, All Rights Reserved + + + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + + + public_key User's Guide + Ingela Anderton Andin + + 2008-01-22 + + part.xml +
+ +

This application provides an API to public key infrastructure + from RFC 3280 (X.509 certificates) and some public key formats defined + by the PKCS-standard.

+
+ + + +
+ diff --git a/lib/public_key/doc/src/part_notes.xml b/lib/public_key/doc/src/part_notes.xml new file mode 100644 index 0000000000..37ca516bc8 --- /dev/null +++ b/lib/public_key/doc/src/part_notes.xml @@ -0,0 +1,38 @@ + + + + +
+ + 2008 + 2008 + Ericsson AB, All Rights Reserved + + + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + + + public_key Release Notes + Ingela Anderton Andin + + 2008-01-22 + +
+ +

+
+ +
+ + diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml new file mode 100644 index 0000000000..dc9a96906f --- /dev/null +++ b/lib/public_key/doc/src/public_key.xml @@ -0,0 +1,317 @@ + + + + +
+ + 2008 + 2008 + Ericsson AB, All Rights Reserved + + + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + + + public_key + Ingela Anderton Andin + + + + +
+ public_key + API module for public key infrastructure. + +

This module provides functions to handle public key infrastructure + from RFC 3280 - X.509 certificates (will later be upgraded to RFC 5280) + and some parts of the PKCS-standard. + Currently this application is mainly used by the new + ssl implementation. The API is yet under construction + and only a few of the functions are currently documented and thereby supported. +

+
+ +
+ COMMON DATA TYPES + +

All records used in this manual + + are generated from asn1 specifications + and are documented in the User's Guide. See Public key records and X.509 Certificate records. +

+ +

Use the following include directive to get access to the + records and constant macros described here and in the User's Guide.

+ + -include_lib("public_key/include/public_key.hrl"). + +

Data Types

+ +

boolean() = true | false

+ +

string = [bytes()]

+ +

asn1_der_encoded() = binary() | [bytes()]

+ +

der_bin() = binary()

+ +

oid() - a tuple of integers + as generated by the asn1 compiler.

+ +

public_key() = rsa_public_key() | dsa_public_key()

+ +

rsa_public_key() = #'RSAPublicKey'{}

+ +

rsa_private_key() = #'RSAPrivateKey'{}

+ +

dsa_public_key() = integer()

+ +

public_key_params() = dsa_key_params()

+ +

dsa_key_params() = #'Dss-Parms'{}

+ +

private_key() = rsa_private_key() | dsa_private_key()

+ +

rsa_private_key() = #'RSAPrivateKey'{}

+ +

dsa_private_key() = #'DSAPrivateKey'{}

+ +

x509_certificate() = "#Certificate{}"

+ +

x509_tbs_certificate() = #'TBSCertificate'{}

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + decode_private_key(KeyInfo) -> + decode_private_key(KeyInfo, Password) -> {ok, PrivateKey} | {error, Reason} + Decodes an asn1 der encoded private key. + + KeyInfo = {KeyType, der_bin(), ChipherInfo} + As returned from pem_to_der/1 for private keys + KeyType = rsa_private_key | dsa_private_key + ChipherInfo = opaque() | no_encryption + ChipherInfo may contain encryption parameters if the private key is password + protected, these are opaque to the user just pass the value returned by pem_to_der/1 + to this function. + Password = string() + Must be specified if CipherInfo =/= no_encryption + PrivateKey = private_key() + Reason = term() + + +

Decodes an asn1 der encoded private key.

+
+
+ + + pem_to_der(File) -> {ok, [Entry]} + Reads a PEM file and translates it into its asn1 der + encoded parts. + + File = path() + Password = string() + Entry = {entry_type(), der_bin(), CipherInfo} + ChipherInfo = opaque() | no_encryption + ChipherInfo may contain encryption parameters if the private key is password + protected, these will be handled by the function decode_private_key/2. + entry_type() = cert | cert_req | rsa_private_key | dsa_private_key | + dh_params + + +

Reads a PEM file and translates it into its asn1 der + encoded parts.

+
+
+ + + pkix_decode_cert(Cert, Type) -> {ok, DecodedCert} | {error, Reason} + Decodes an asn1 der encoded pkix certificate. + + Cert = asn1_der_encoded() + Type = plain | otp + DecodeCert = x509_certificate() + When type is specified as otp the asn1 spec OTP-PKIX.asn1 is used to decode known + extensions and enhance the signature field in + #'Certificate'{} and '#TBSCertificate'{}. This is currently used by the new ssl + implementation but not documented and supported for the public_key application. + Reason = term() + + +

Decodes an asn1 encoded pkix certificate.

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
diff --git a/lib/public_key/doc/src/public_key_records.xml b/lib/public_key/doc/src/public_key_records.xml new file mode 100644 index 0000000000..45b7106859 --- /dev/null +++ b/lib/public_key/doc/src/public_key_records.xml @@ -0,0 +1,99 @@ + + + + +
+ + 2008 + 2008 + Ericsson AB, All Rights Reserved + + + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + + + Public key records + Ingela Anderton Andin + + + + + 2008-02-06 + A + public_key_records.xml +
+ +

This chapter briefly describes Erlang records derived from asn1 + specifications used to handle public and private keys. The intent + is to describe the data types and not to specify the meaning of + each component for this we refer you to the relevant standards and RFCs.

+ +

Use the following include directive to get access to the + records and constant macros used in the following sections.

+ + -include_lib("public_key/include/public_key.hrl"). + +
+ RSA as defined by the PKCS-1 standard and RFC 3447. + + +#'RSAPublicKey'{ + modulus, % integer() + publicExponent % integer() + }. + +#'RSAPrivateKey'{ + version, % two-prime | multi + modulus, % integer() + publicExponent, % integer() + privateExponent, % integer() + prime1, % integer() + prime2, % integer() + exponent1, % integer() + exponent2, % integer() + coefficient, % integer() + otherPrimeInfos % [#OtherPrimeInfo{}] | asn1_NOVALUE + }. + +#'OtherPrimeInfo'{ + prime, % integer() + exponent, % integer() + coefficient % integer() + }. + + +
+ +
+ DSA as defined by Digital Signature Standard (NIST FIPS PUB 186-2) + + + +#'DSAPrivateKey',{ + version, % integer() + p, % integer() + q, % integer() + g, % integer() + y, % integer() + x % integer() + }. + +#'Dss-Parms',{ + p, % integer() + q, % integer() + g % integer() + }. + +
+
diff --git a/lib/public_key/doc/src/ref_man.xml b/lib/public_key/doc/src/ref_man.xml new file mode 100644 index 0000000000..0f11281d05 --- /dev/null +++ b/lib/public_key/doc/src/ref_man.xml @@ -0,0 +1,43 @@ + + + + +
+ + 2008 + 2008 + Ericsson AB, All Rights Reserved + + + The contents of this file are subject to the Erlang Public License, + Version 1.1, (the "License"); you may not use this file except in + compliance with the License. You should have received a copy of the + Erlang Public License along with this software. If not, it can be + retrieved online at http://www.erlang.org/. + + Software distributed under the License is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See + the License for the specific language governing rights and limitations + under the License. + + The Initial Developer of the Original Code is Ericsson AB. + + + public_key Reference Manual + Ingela Anderton Andin + + 2008-01-22 + + ref_man.xml +
+ +

Provides functions to handle public key infrastructure + from RFC 3280 (X.509 certificates) and some parts of the PKCS-standard. +

+
+ +
+ + + + -- cgit v1.2.3